CVE-2022-40723
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
Source: CVE-2022-40723
[월:] 2023년 04월
CVE-2022-23721
CVE-2022-23721
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.
Source: CVE-2022-23721
CVE-2021-45111
CVE-2021-45111
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.
Source: CVE-2021-45111
CVE-2023-28089
CVE-2023-28089
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules
Source: CVE-2023-28089
CVE-2023-28088
CVE-2023-28088
An HPE OneView appliance dump may expose SAN switch administrative credentials
Source: CVE-2023-28088
CVE-2023-25793
CVE-2023-25793
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <=Â 2.0.2 versions.
Source: CVE-2023-25793
CVE-2022-40725
CVE-2022-40725
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.
Source: CVE-2022-40725
CVE-2022-45291
CVE-2022-45291
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
Source: CVE-2022-45291
CVE-2022-40482
CVE-2022-40482
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the IlluminateAuthSessionGuard class when a user is found to not exist.
Source: CVE-2022-40482
CVE-2022-40722
CVE-2022-40722
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
Source: CVE-2022-40722